partition create
Create an application partition on a locally installed or USB-connected HSM.
The command is run from the HSM administrative partition. The HSM SO must be logged in.
Partition name rules
A partition name or a partition label can include any of the following characters:
!#$%'()*+,-./0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{}~
- No spaces, unless you wish to surround the name or label in double quotation marks every time it is used.
- No question marks, no double quotation marks within the string.
- Minimum name or label length is 1 character. Maximum is 32 characters.
Partition password and domain rules
Valid characters that can be used in a password or in a cloning domain are:
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
(The first character in that list is the space character)
Minimum password length is 7 characters; maximum is 255 characters.
No arbitrary maximum length is enforced for domain strings.
Syntax
partition create -slot <number> [-size <bytes>] [-force]
Argument(s) | Shortcut | Description |
---|---|---|
-force | -f | Force the action without prompting for confirmation (useful when scripting commands). |
-size <bytes> | -si | Storage size of the partition in bytes. Used only for HSMs that support multiple application partitions, to specify a size other than the calculated default size, which depends on HSM memory, existing application partitions, and their specifications. |
-slot <number> | -sl | Slot where the new partition is to be created (declares a PSO partition - not used if -label is specified) |
NOTE If the HSM supports just a single application partition, and one already exists, the partition create command stops and throws the error "Error in execution : CKR_LICENSE_CAPACITY_EXCEEDED." To create a new application partition, delete the existing one first, with partition delete, then re-issue partition create.
Valid characters that can be used in a password or in a cloning domain, when entered via LunaSH [1], are:
!#$%'*+,-./0123456789:=?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_abcdefghijklmnopqrstuvwxyz{}~
(The last character in that list is the space character)
Invalid or problematic characters, not to be used in passwords or cloning domains are: "&';<>\`|()
[1] LunaSH on the SafeNet Luna Network HSM has a few input-character restrictions that are not present in LunaCM, run from a client host. It is unlikely that you would ever be able to access via LunaSH a partition that received a password or domain via LunaCM, but the conservative approach would be to avoid the few "invalid or problematic characters" generally.
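The naming and password rules above can be checked before a scripted `partition create -force` run. The following is an added example, not part of the original documentation or of any SafeNet tooling; the function names `check_label` and `check_secret` are hypothetical, and the character sets are transcribed from this page.

```python
import string

# Character sets transcribed from the rules on this page.
LABEL_CHARS = set("!#$%'()*+,-./:=@[]^_{}~" + string.digits + string.ascii_letters)
SECRET_CHARS = {chr(c) for c in range(0x20, 0x7F)}      # space through '~'
LUNASH_PROBLEM_CHARS = set("\"&';<>\\`|()")             # "invalid or problematic"


def check_label(label):
    """Return the rule violations for a partition name or label (empty list = OK)."""
    problems = []
    if not 1 <= len(label) <= 32:
        problems.append(f"length {len(label)} is outside 1-32")
    if " " in label:
        problems.append("contains a space, so it must be double-quoted on every use")
    bad = sorted(set(label) - LABEL_CHARS - {" "})
    if bad:
        problems.append("disallowed characters: " + " ".join(map(repr, bad)))
    return problems


def check_secret(secret, kind="password", lunash_safe=True):
    """Return the rule violations for a password or cloning domain.

    Messages carry counts only, so the secret's characters never reach a log.
    The 7-255 length rule is applied to passwords, not to domain strings.
    """
    problems = []
    if kind == "password" and not 7 <= len(secret) <= 255:
        problems.append("password length is outside 7-255")
    outside = sum(1 for c in secret if c not in SECRET_CHARS)
    if outside:
        problems.append(f"{outside} character(s) outside the valid set")
    if lunash_safe:
        risky = sum(1 for c in secret if c in LUNASH_PROBLEM_CHARS)
        if risky:
            problems.append(f"{risky} character(s) that are problematic in LunaSH")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real HSM.
    for label in ("app-part_01", "my part?", "x" * 33):
        print(repr(label), check_label(label) or "OK")
    for secret in ("Tr0ub4dor+3", "short", "pa$$w0rd;1"):
        print("password:", check_secret(secret) or "OK")
```

Pass `lunash_safe=False` only when the password or domain will never be entered through LunaSH.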
Example
    lunacm:> slot list

    Slot Id -> 1
    Tunnel Slot Id -> 2
    Label -> mypcie7
    Serial Number -> 150022
    Model -> Luna K7
    Firmware Version -> 7.0.1
    Configuration -> Luna HSM Admin Partition (PED) Signing With Cloning Mode
    Slot Description -> Admin Token Slot
    HSM Configuration -> Luna HSM Admin Partition (PED)
    HSM Status -> OK

    Slot Id -> 3
    HSM Label -> myG5pw
    HSM Serial Number -> 7001312
    HSM Model -> G5Base
    HSM Firmware Version -> 6.10.4
    HSM Configuration -> SafeNet Luna USB HSM (PW) Signing With Cloning Mode
    HSM Status -> OK

    Current Slot Id: 1

    Command Result : No Error

    lunacm:> partition create -slot 0

    Command Result : No Error

    lunacm:> slot list

    Slot Id -> 0
    Tunnel Slot Id -> 2
    Label ->
    Serial Number -> 349297122736
    Model -> Luna K7
    Firmware Version -> 7.0.1
    Configuration -> Luna User Partition With SO (PED) Signing With Cloning Mode
    Slot Description -> User Token Slot

    Slot Id -> 1
    Tunnel Slot Id -> 2
    Label -> mypcie7
    Serial Number -> 150022
    Model -> Luna K7
    Firmware Version -> 7.0.1
    Configuration -> Luna HSM Admin Partition (PED) Signing With Cloning Mode
    Slot Description -> Admin Token Slot
    HSM Configuration -> Luna HSM Admin Partition (PED)
    HSM Status -> OK

    Slot Id -> 3
    HSM Label -> myG5pw
    HSM Serial Number -> 7001312
    HSM Model -> G5Base
    HSM Firmware Version -> 6.10.4
    HSM Configuration -> SafeNet Luna USB HSM (PW) Signing With Cloning Mode
    HSM Status -> OK

    Current Slot Id: 1

    Command Result : No Error